package com.example.springboot.utils;

import java.util.Locale;

import jodd.util.StringUtil;

/**
 * @author ChenZhangKun
 * @Date: 2022/4/17 20:07
 */
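public class SQLFilter {

    /**
     * Keywords that cause the input to be rejected wherever they occur in the
     * lower-cased, stripped string. Matching is by substring, so ordinary words
     * such as "masterpiece" or "updated" are rejected as well; callers must expect
     * that. Built once instead of on every call.
     */
    private static final String[] DENIED_KEYWORDS = {
            "master", "truncate", "insert", "select", "delete", "update",
            "declare",
            // "alert" is retained from the original list; "alter" (ALTER TABLE ...)
            // is the DDL keyword and is presumably what was intended — confirm with owner.
            "alert", "alter",
            "drop" };

    /**
     * Strips single quote, double quote, semicolon and backslash characters from
     * {@code str}, lower-cases the result and rejects it if it contains any entry
     * of {@link #DENIED_KEYWORDS}.
     *
     * <p>This is a character/keyword denylist, not a SQL parser, and must not be
     * the only defence against SQL injection: bind user-supplied values with
     * {@code PreparedStatement} parameters. Reserve this method for fragments that
     * cannot be parameterised (for example an ORDER BY column name), preferably
     * after checking them against an allow-list of permitted identifiers.
     *
     * @param str the raw input; may be {@code null}
     * @return {@code null} if {@code str} is {@code null}, empty or consists only of
     *         characters {@code <= ' '}; otherwise the stripped, lower-cased string
     * @throws IllegalArgumentException if the stripped string contains a denied keyword
     */
    public static String sqlInject(String str)
    {
        // Same blank test as jodd's StringUtil.isBlank: null, or only chars <= ' '
        // (which is exactly what String.trim removes).
        if (str == null || str.trim().isEmpty())
        {
            return null;
        }

        // Remove the ' " ; and \ characters.
        String cleaned = str.replace("'", "")
                .replace("\"", "")
                .replace(";", "")
                .replace("\\", "");

        // Locale.ROOT: the JVM default locale's case mapping (e.g. Turkish dotless i)
        // would lower-case "INSERT" to a string that no longer contains "insert",
        // letting an upper-case keyword slip past the check below.
        cleaned = cleaned.toLowerCase(Locale.ROOT);

        for (String keyword : DENIED_KEYWORDS)
        {
            if (cleaned.contains(keyword))
            {
                // IllegalArgumentException is a RuntimeException, so existing
                // catch clauses still match; the message is kept unchanged.
                throw new IllegalArgumentException("包含非法字符");
            }
        }
        return cleaned;
    }

}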
